Expert Comments

Hackers Create Fake Image-hosting Portal To Steal Card Data

Expert(s): Security Experts
Expert(s): Security Experts

In one of the most complex and innovative hacking campaigns detected to date, a hacker group created a fake icons hosting website in order to disguise malicious code meant to steal payment card data from hacked websites, according to ZDNet. This attack is often referred to as web skimming, where hackers breach websites and then hide malicious code on its pages, code that records and steals payment card details as they’re entered in checkout forms. However, this campaign was more sophisticated than most, as the only thing modified on the hacked sites was the favicon – the logo image shown in browser tabs.

Experts Comments

May 07, 2020
Jake Moore
Cybersecurity Specialist
ESET
Although web skimming has been around for a few years now, this campaign takes the remarkable skill needed to the next level. To go below the radar is quite a feat alone – but to use the favicon, where security professional would rarely look, shows the extent to which hackers will go to in order to remain undetected. Web skimming can be extremely lucrative if it works, hence cyber criminals are going to great lengths to achieve this digital heist. Once pulled off, it can often be months.....Read More
Although web skimming has been around for a few years now, this campaign takes the remarkable skill needed to the next level. To go below the radar is quite a feat alone – but to use the favicon, where security professional would rarely look, shows the extent to which hackers will go to in order to remain undetected. Web skimming can be extremely lucrative if it works, hence cyber criminals are going to great lengths to achieve this digital heist. Once pulled off, it can often be months before the alarm bells ring. Websites and organisations must remain alert to new and intuitive methods deployed by hackers. This relies heavily on updating regularly and installing all available patches at the earliest opportunity, along with web admins remaining on top of the latest threats.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT

You may also like

IKEA Suffering Ongoing “Reply-Chain” Email Attack

Cybersecurity Expert Reaction On UK’s Financial Regulator Scraps 90-day Authentication...

DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People

Panasonic Becomes Latest Victim Of Data Breach – Security Expert...

Clearview’s £17 Million Fine For Processing 10+ Billion Images Is...

Booz Allen Report On CISOs And China Quantum Computing Risks,...

Experts Reactions On Sky Broadband Hack Warning

Ransomware Set To Break Records This Black Friday 2021

Security Expert On Apple Suing NSO Group

Meta Delays Plans To Rollout End-to-end Encryption

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts